<html>
<body>
<b>Momo 1003:</b> MyBatis annotation-based SQL injection vulnerability <br>
<br>
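<p>An attacker can exploit this vulnerability to craft malicious SQL statements, causing database information to be leaked or tampered with.</p>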
<br>
<p style="font-size: 10px;color: #d9534f;">Bad practice:</p>
<p style="font-size: 10px;">@Select("select * from user where id = <b style="color: #d9534f;">${id}</b>")</p>
<br>
<p style="font-size: 10px;color: #629460;">Best practice:</p>
<p style="font-size: 10px;">@Select("select * from user where id = <b style="color: #629460;">#{id}</b>")</p>
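<p style="font-size: 10px;">A review-time check for the pattern shown above, as an added example that is not part of this rule's own implementation: it scans Java source for MyBatis SQL annotations and reports each <b>${...}</b> placeholder with the <b>#{...}</b> form to use instead. The function names and the sample mapper are constructed for illustration; literals joined with a non-literal expression are only scanned up to that expression.</p>

```python
import re

# A MyBatis SQL annotation followed by one or more Java string literals
# (a single value, a {"...", "..."} array, or "..." + "..." concatenation).
ANNOTATION = re.compile(
    r'@(Select|Insert|Update|Delete)\s*\(\s*\{?\s*'
    r'((?:"(?:[^"\\]|\\.)*"\s*[,+]?\s*)+)'
)
# ${name} is pasted into the SQL text; #{name} becomes a bound parameter.
TEXT_SUBSTITUTION = re.compile(r'\$\{\s*([^}]+?)\s*\}')


def find_text_substitutions(source):
    """Return (line, annotation, variable) for each ${...} in a SQL annotation."""
    findings = []
    for match in ANNOTATION.finditer(source):
        for sub in TEXT_SUBSTITUTION.finditer(match.group(2)):
            offset = match.start(2) + sub.start()
            line = source.count('\n', 0, offset) + 1
            findings.append((line, match.group(1), sub.group(1)))
    return findings


def report(source):
    """Format one message per finding, naming the #{...} replacement."""
    return [
        f"line {line}: @{annotation} uses ${{{var}}}, bind it as #{{{var}}}"
        for line, annotation, var in find_text_substitutions(source)
    ]


# Constructed sample mapper; the first method repeats the bad practice above.
SAMPLE = '''public interface UserMapper {
    @Select("select * from user where id = ${id}")
    User findUnsafe(String id);

    @Select("select * from user where id = #{id}")
    User findSafe(String id);

    @Update({"update user set name = #{name}",
             "where id = ${id}"})
    int rename(String id, String name);
}
'''

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```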
</body>
</html>